Insecure Random Number Generator in Progress DataDirect Connect for ODBC with Oracle Advanced Security Encryption
CVE-2023-34363
5.9 MEDIUM
What is CVE-2023-34363?
An issue has been identified in Progress DataDirect Connect for ODBC prior to version 08.02.2770 when Oracle Advanced Security (OAS) encryption is in use. If an error occurs while the encryption object is being initialized, the system falls back to a less secure encryption mechanism that uses a flawed random number generator for key generation. An attacker may therefore be able to predict the private key, which undermines the encryption of data transmitted between the driver and the database server. This flaw is not present when using SSL/TLS encryption.
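The failure mode described above, a silent fallback on an initialization error, is shown here beside a fail-closed alternative. This is an added illustration, not code from Progress or from the driver; all function names are hypothetical, and the weak generator is modelled with `rand()` as an assumption because the advisory does not describe the actual flaw.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define KEY_LEN 16

/* Hypothetical strong key source. force_fail simulates the initialization
   error from the advisory; otherwise the key is read from /dev/urandom. */
static int strong_key(unsigned char *key, int force_fail) {
    if (force_fail) return -1;
    FILE *src = fopen("/dev/urandom", "rb");
    if (!src) return -1;
    size_t n = fread(key, 1, KEY_LEN, src);
    fclose(src);
    return n == KEY_LEN ? 0 : -1;
}

/* Fail-open (the pattern to avoid): on error, silently derive the key from a
   weak generator. ASSUMPTION: rand() with a small seed stands in for the
   flawed generator, whose details the advisory does not give. */
int keygen_fail_open(unsigned char *key, int force_fail, unsigned seed) {
    if (strong_key(key, force_fail) == 0) return 0;
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(rand() & 0xff);
    return 0; /* success is reported, so the caller never sees the downgrade */
}

/* Fail-closed: clear the buffer and propagate the error so the connection
   is refused instead of being protected by a weaker key. */
int keygen_fail_closed(unsigned char *key, int force_fail) {
    if (strong_key(key, force_fail) != 0) {
        memset(key, 0, KEY_LEN);
        return -1;
    }
    return 0;
}

/* Returns 1 when two fallback keys built from the same seed are identical. */
int fallback_is_reproducible(unsigned seed) {
    unsigned char a[KEY_LEN], b[KEY_LEN];
    keygen_fail_open(a, 1, seed);
    keygen_fail_open(b, 1, seed);
    return memcmp(a, b, KEY_LEN) == 0;
}

int main(void) {
    unsigned char key[KEY_LEN];
    printf("fail-open rc=%d\n", keygen_fail_open(key, 1, 42));
    printf("fallback reproducible=%d\n", fallback_is_reproducible(42));
    printf("fail-closed rc=%d\n", keygen_fail_closed(key, 1));
    return 0;
}
```

The fail-open path returns success even though the key came from the weak generator, so only the fail-closed form gives the caller a signal to log and abort on.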